package zhcms.admin;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;


import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import zhcms.db.DBManager;
import zhcms.db.DbConn;
import zhcms.db.ConnectionPool.PooledConnection;
import zhcms.framework.Action;
import zhcms.framework.ActionForward;
import zhcms.tool.GyPage;

public class GyAdmin implements Action{
	String pageStr="";
	
	public GyAdmin()
	{
		
	}

	@Override
	public ActionForward excute(HttpServletRequest request,
			HttpServletResponse response) {
		return null;
	}
	
	public int listcount(){
		ResultSet rs = null;
		PooledConnection conn = null;
		String sql="select count(*) as id from `gyhy_admin`";
		int countlyb=0;
		try {
			conn = DBManager.getConnection();
			rs = conn.executeQuery(sql);
			if (rs.next())
			{
				countlyb=rs.getInt("id");
			}
		} catch (SQLException e) {
			e.printStackTrace();
		}
		finally {
            conn.close();
		}
		return countlyb;
	}
	
	public ArrayList<HashMap<String, String>> getAllList(int currentpage)
	{
		int listnumcount=this.listcount();
		GyPage gyp=new GyPage();
		gyp.setP(15, listnumcount, "", "", currentpage);
		String limitStr=gyp.limit();
		pageStr=gyp.outPut();
		String sql="select AdminID,AdminName,LasTime,LastIP,State from `gyhy_admin` order by AdminID desc limit "+limitStr;
		return DbConn.executeQuery(sql);
	}
	
	public ArrayList<HashMap<String, String>> getOneList(int postid)
	{
		String sql="select * from `gyhy_admin` where AdminID='"+postid+"'";
		return DbConn.executeQuery(sql);
	}
	
	public ArrayList<HashMap<String, String>> getOneList(String postid)
	{
		String sql="select * from `gyhy_admin` where AdminID='"+postid+"'";
		return DbConn.executeQuery(sql);
	}
	
	public String getPageStr() {
		return pageStr;
	}

	public void setPageStr(String pageStr) {
		this.pageStr = pageStr;
	}
	
	public ActionForward save(HttpServletRequest request, HttpServletResponse response) throws IOException
	{
		try {
			request.setCharacterEncoding("UTF-8");
			response.setCharacterEncoding("utf-8");
		} 
		catch (UnsupportedEncodingException e1) 
		{
			
		}
		String postid=getV(request.getParameter("postid"));
		//System.out.println("postid+++++++++++++"+postid);
		String AdminName=getV(request.getParameter("AdminName"));
		
		if(AdminName==null || AdminName.length()<=0 || AdminName.equals("null"))
		{
			return new ActionForward("/admin/admin_master.jsp",4,"用户名没有填写!",-1);
		}
		
		String RealName=getV(request.getParameter("RealName"));
		String Phone=getV(request.getParameter("Phone"));
		String Email=getV(request.getParameter("Email"));
		String qq=getV(request.getParameter("qq"));
		String State=getV(request.getParameter("State"));
		String password=getV(request.getParameter("password"));
		
		PooledConnection conn = null;
		String sqlStr1="";
		
		if(postid==null || postid.length()<=0 || postid.equals("null"))
		{
			
			if(password==null || password.length()<=0 || password.equals("null"))
			{
				sqlStr1="insert into `gyhy_admin` ( `AdminName` , `RealName` , `Phone` , `Email` , `qq` , `State`) values('"+AdminName+"','"+RealName+"','"+Phone+"','"+Email+"','"+qq+"','"+State+"');";
			}
			else
			{
				sqlStr1="insert into `gyhy_admin` ( `AdminName` , `RealName` , `Phone` , `Email` , `qq` , `State` , `AdminPSW`) values('"+AdminName+"','"+RealName+"','"+Phone+"','"+Email+"','"+qq+"','"+State+"',md5('"+password+"'));";
			}
		}
		else
		{
			if(password==null || password.length()<=0 || password.equals("null"))
			{
				sqlStr1="update `gyhy_admin` set `AdminName`='"+AdminName+"' , `RealName`='"+RealName+"' , `Phone`='"+Phone+"' , `Email`='"+Email+"' , `qq`='"+qq+"' , `State`='"+State+"' where `AdminID`="+postid;
			}
			else
			{
				sqlStr1="update `gyhy_admin` set `AdminName`='"+AdminName+"' , `RealName`='"+RealName+"' , `Phone`='"+Phone+"' , `Email`='"+Email+"' , `qq`='"+qq+"' , `State`='"+State+"' , `AdminPSW`=md5('"+password+"') where `AdminID`="+postid;
			}
		}
		
		//System.out.println(sqlStr1);
		boolean isok=false;
		try {
			conn = DBManager.getConnection();
			conn.executeUpdate(sqlStr1);
			conn.close();
			isok=true;
		} catch (SQLException e) {
			isok=false;
			e.printStackTrace();
		}
		finally {
            conn.close();
		}
		if(isok==true)
		{
			return new ActionForward("/admin/admin_master.jsp",3,"更新成功");
		}
		else
		{
			return new ActionForward("/admin/admin_master.jsp",3,"更新失败");
		}
	}
	
	public ActionForward del(HttpServletRequest request, HttpServletResponse response)
	{
		
		try {
			request.setCharacterEncoding("UTF-8");
			response.setCharacterEncoding("utf-8");
		} 
		catch (UnsupportedEncodingException e1) 
		{
			
		}
		String postid=getV(request.getParameter("postid"));
		//System.out.println("postid+++++++++++++"+postid);
		
		PooledConnection conn = null;
		String sqlStr1="";
		
		sqlStr1="delete from  `gyhy_admin` where `AdminID`="+postid;
		
		//System.out.println(sqlStr1);
		boolean isok=false;
		try {
			conn = DBManager.getConnection();
			conn.executeUpdate(sqlStr1);
			conn.close();
			isok=true;
		} catch (SQLException e) {
			isok=false;
			e.printStackTrace();
		}
		finally {
            conn.close();
		}
		if(isok==true)
		{
			return new ActionForward("/admin/admin_master.jsp",3,"更新成功");
		}
		else
		{
			return new ActionForward("/admin/admin_master.jsp",3,"更新失败");
		}
	}

	public static String TransactSQLInjection(String str)
	{
	    return str.replaceAll(".*([';]+|(--)+).*", " ");
	}

	private String getV(String S)
	{
		//System.out.println(S);
		String returnS;
		if(S==null || S.length()<=0)
		{
			returnS="";
		}
		else
		{
			returnS=S;
		}
		return TransactSQLInjection(returnS);
	}
}
